--- linux-ftpd-ssl-0.17.18+0.3.orig/ftpd/ftpcmd.y +++ linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpcmd.y @@ -126,7 +126,14 @@ char cbuf[512]; char *fromname; -struct tab; +struct tab { + const char *name; + short token; + short state; + short implemented; /* 1 if command is implemented */ + const char *help; +}; + static int yylex __P((void)); static void sizecmd __P((char *)); static void help __P((struct tab *, char *)); @@ -187,7 +194,7 @@ { if (!strncmp((char *) $3,"SSL",3)) { #ifdef USE_SSL - reply(334, "AUTH SSL OK."); + reply(234, "AUTH SSL OK."); /* now do all the hard work :-) */ do_ssl_start(); @@ -893,14 +900,6 @@ #define SITECMD 7 /* SITE command */ #define NSTR 8 /* Number followed by a string */ -struct tab { - const char *name; - short token; - short state; - short implemented; /* 1 if command is implemented */ - const char *help; -}; - struct tab cmdtab[] = { /* In order defined in RFC 765 */ { "AUTH", AUTH, STR1, 1, " auth_type" }, { "USER", USER, STR1, 1, " username" }, --- linux-ftpd-ssl-0.17.18+0.3.orig/ftpd/ftpd.8 +++ linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.8 
@@ -142,6 +142,53 @@ .It Fl u Change the default umask from 027 to .Ar mask . +.It Fl z Ar SSL-parameter +This option is only valid if +.Nm ftpd +has been built with SSL (Secure Socket Layer) support. +.Bl -tag -width Fl +.It Ic debug +Enable SSL related debugging. +.It Ic ssl +Negotiate SSL at first, then use ftp protocol. In this mode ftpd +only accepts connections from SSL enhanced ftp with option +.Ic -z ssl . +(Not yet implemented) +.It Ic nossl, !ssl +switch of SSL negotiation +.It Ic certsok +Look username up in /etc/ssl.users. The format of this file is lines +of this form: +.Ar user1,user2:/C=US/..... +where user1 and user2 are usernames. If client certificate is valid, +authenticate without password. +.It Ic certrequired +client certificate is mandatory +.It Ic secure +Don't switch back to unencrypted mode (no SSL) if SSL is not available. +.It Ic verify=int +.\" TODO +Set the SSL verify flags (SSL_VERIFY_* in +.Ar ssl/ssl.h +). +.\" TODO +.It Ic cert=cert_file +.\" TODO +Use the certificate(s) in +.Ar cert_file . +.It Ic key=key_file +.\" TODO +Use the key(s) in +.Ar key_file . +.It Ic cipher=ciph_list +.\" TODO +Set the preferred ciphers to +.Ar ciph_list . +.\" TODO: possible values; comma-separated list? +(See +.Ar ssl/ssl.h +). +.El .El .Pp The file --- linux-ftpd-ssl-0.17.18+0.3.orig/ftpd/ftpd.c +++ linux-ftpd-ssl-0.17.18+0.3/ftpd/ftpd.c @@ -1308,7 +1308,11 @@ } askpasswd = 0; #ifndef USE_PAM - if (!guest) { /* "ftp" is only account allowed no password */ + if (!guest +#ifdef USE_SSL + && !ssl_auto_login +#endif + ) { /* "ftp" is only account allowed no password */ #endif /* * Try to authenticate the user @@ -1329,7 +1333,11 @@ return; } #ifdef USE_PAM - if (guest) { + if (guest +#ifdef USE_SSL + || ssl_auto_login +#endif + ) { #else } else { #endif 
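Review bot: The new `ssl_auto_login` test lets the account being authenticated skip the password entirely, but nothing in this hunk (nor in the USE_PAM hunk at -1329, which has the same shape) shows that the flag is bound to the identity just supplied or cleared after use; if it is set once per session when the client certificate is accepted, a later USER for a different account would presumably also pass without a password. The check should be tied to the certificate-to-user mapping for the current account, or the flag reset at the top of each USER — confirm against the code that sets `ssl_auto_login`, which is outside the hunk. The trailing comment is now stale; make it `/* "ftp", or a user matched by a verified client certificate, needs no password */`. The enclosing function starts and ends outside the hunk.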
@@ -1769,6 +1777,66 @@ (void) setsockopt(s, IPPROTO_IP, IP_TOS, (char *)&tos, sizeof(int)); #endif +#ifdef USE_SSL + /* time to negotiate SSL on the data connection ... + * do this via SSL_accept (as we are still the server + * even though things are started around the other way) + * + * note: we really *must* make sure the session stuff + * is copied correctly as we cannot afford a full + * SSL negotiation for each data socket! + */ + /* TODO XXXX fill in the blanks :-) + */ + ssl_data_active_flag=0; + if (ssl_active_flag && ssl_encrypt_data) { + /* do SSL */ + + reply(150, "Opening %s mode SSL data connection for %s%s.", + type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); + + if (ssl_data_con!=NULL) { + SSL_free(ssl_data_con); + ssl_data_con=NULL; + } + ssl_data_con=(SSL *)SSL_new(ssl_ctx); + + /* copy session details ... */ + SSL_copy_session_id(ssl_data_con,ssl_con); + + /* for 0.5.2 - want to change the timeout value etc ... */ + + SSL_set_fd(ssl_data_con,pdata); + SSL_set_verify(ssl_data_con,ssl_verify_flag,NULL); + + /* if is "safe" to read ahead */ + /* SSL_set_read_ahead(ssl_data_con,1); */ + + if (ssl_debug_flag) + BIO_printf(bio_err,"===>START SSL_accept on DATA\n"); + + if (SSL_accept(ssl_data_con)<=0) { + static char errbuf[1024]; + + sprintf(errbuf,"ftpd: SSL_accept DATA error %s\n", + ERR_error_string(ERR_get_error(),NULL)); + perror_reply(425, errbuf); + /* abort time methinks ... */ + fclose(file); + return NULL; + } else { + if (ssl_debug_flag) { + BIO_printf(bio_err,"[SSL DATA Cipher %s]\n", + SSL_get_cipher(ssl_con)); + } + ssl_data_active_flag=1; + } + + if (ssl_debug_flag) + BIO_printf(bio_err,"===>DONE SSL_accept on DATA\n"); + + } else { +#endif /* USE_SSL */ if (stou) { reply(150, "FILE: %s", name); } else { @@ -1777,6 +1845,9 @@ type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); } +#ifdef USE_SSL + } +#endif /* USE_SSL */ return (fdopen(pdata, mode)); } if (data >= 0) { 
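Review bot: The failure path after `SSL_accept()` closes the wrong object: in this branch the data stream only comes into existence with the `fdopen(pdata, mode)` that follows, so `file` cannot be this connection's stream (it appears to be a local that is assigned later in the function), and `fclose(file)` on it is at best a no-op on a stale pointer; what needs closing here is the accepted socket `pdata`. The debug line reports `SSL_get_cipher(ssl_con)`, the control connection, instead of `ssl_data_con`, and `SSL_new()` can return NULL yet its result is used unchecked — the hunk at -1833 has the same two problems. The rewritten error handling below also frees the half-built `ssl_data_con` so a failed handshake does not leave a dead object for the next transfer, uses a bounded `snprintf` on a non-static buffer, and drops the trailing `\n` from the 425 text since the reply path appends CRLF itself (visible in the reply() hunk at -2188). The enclosing function starts before the hunk.
```c
	ssl_data_con = SSL_new(ssl_ctx);
	if (ssl_data_con == NULL) {
		reply(425, "ftpd: SSL_new DATA failed");
		close(pdata);
		pdata = -1;
		return NULL;
	}
	/* … unchanged: SSL_copy_session_id, SSL_set_fd, SSL_set_verify, START debug line … */
	if (SSL_accept(ssl_data_con) <= 0) {
		char errbuf[1024];

		snprintf(errbuf, sizeof errbuf, "ftpd: SSL_accept DATA error %s",
		    ERR_error_string(ERR_get_error(), NULL));
		perror_reply(425, errbuf);
		SSL_free(ssl_data_con);
		ssl_data_con = NULL;
		/* this branch owns only the accepted socket; no FILE exists yet */
		close(pdata);
		pdata = -1;
		return NULL;
	}
	if (ssl_debug_flag)
		BIO_printf(bio_err, "[SSL DATA Cipher %s]\n",
		    SSL_get_cipher(ssl_data_con));
	ssl_data_active_flag = 1;
```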
@@ -1833,6 +1904,65 @@ data = -1; return (NULL); } +#ifdef USE_SSL + /* time to negotiate SSL on the data connection ... + * do this via SSL_accept (as we are still the server + * even though things are started around the other way) + * + * note: we really *must* make sure the session stuff + * is copied correctly as we cannot afford a full + * SSL negotiation for each data socket! + */ + /* TODO XXXX fill in the blanks :-) + */ + ssl_data_active_flag=0; + if (ssl_active_flag && ssl_encrypt_data) { + /* do SSL */ + + reply(150, "Opening %s mode SSL data connection for %s%s.", + type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); + + if (ssl_data_con!=NULL) { + SSL_free(ssl_data_con); + ssl_data_con=NULL; + } + ssl_data_con=(SSL *)SSL_new(ssl_ctx); + + /* copy session details ... */ + SSL_copy_session_id(ssl_data_con,ssl_con); + + /* for 0.5.2 - want to change the timeout value etc ... */ + + SSL_set_fd(ssl_data_con,data); + SSL_set_verify(ssl_data_con,ssl_verify_flag,NULL); + + /* if is "safe" to read ahead */ + /* SSL_set_read_ahead(ssl_data_con,1); */ + + if (ssl_debug_flag) + BIO_printf(bio_err,"===>START SSL_accept on DATA\n"); + + if (SSL_accept(ssl_data_con)<=0) { + static char errbuf[1024]; + + sprintf(errbuf,"ftpd: SSL_accept DATA error %s\n", + ERR_error_string(ERR_get_error(),NULL)); + perror_reply(425, errbuf); + /* abort time methinks ... */ + fclose(file); + return NULL; + } else { + if (ssl_debug_flag) + BIO_printf(bio_err,"[SSL DATA Cipher %s]\n", + SSL_get_cipher(ssl_con)); + ssl_data_active_flag=1; + } + + if (ssl_debug_flag) + BIO_printf(bio_err,"===>DONE SSL_accept on DATA\n"); + + } else { +#endif /* USE_SSL */ if (stou) { reply(150, "FILE: %s", name); } else { @@ -1841,6 +1971,9 @@ type == TYPE_A ? "ASCII" : "BINARY", name, sizebuf); } +#ifdef USE_SSL + } +#endif /* USE_SSL */ return (file); } 
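Review bot: The `SSL_accept()` failure path closes `file` but leaves the global `data` untouched, whereas the error return immediately above the hunk resets it (`data = -1; return (NULL);`); if `data` was already taken from `file` at this point, as that earlier reset suggests, a later `data >= 0` check would reuse a closed descriptor. Mirror the existing path: after `fclose(file);` add `SSL_free(ssl_data_con); ssl_data_con = NULL; data = -1;`. The wrong-connection cipher log (`SSL_get_cipher(ssl_con)`) and the unchecked `SSL_new()` are the same as in the hunk at -1769 and are covered there. The enclosing function starts before the hunk.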
@@ -2188,9 +2321,9 @@ va_start(ap); #endif #ifdef USE_SSL - /* assemble the output into a buffer */ + /* assemble the output into a buffer, checking for length */ sprintf(outputbuf,"%d ",n); - vsprintf(outputbuf+strlen(outputbuf),fmt,ap); + vsnprintf(outputbuf+strlen(outputbuf),2048-(strlen(outputbuf) + 3),fmt,ap); strcat(outputbuf,"\r\n"); if (ssl_debug_flag) --- linux-ftpd-ssl-0.17.18+0.3.orig/debian/changelog +++ linux-ftpd-ssl-0.17.18+0.3/debian/changelog @@ -1,3 +1,40 @@ +linux-ftpd-ssl (0.17.18+0.3-5) unstable; urgency=high + + * applied security patch for CVE-2005-3524. (Closes: #339074) + + -- Cai Qian Fri, 18 Nov 2005 17:27:01 +0000 + +linux-ftpd-ssl (0.17.18+0.3-4) unstable; urgency=low + + * applied gcc4/amd64 patch by Andreas Jochens (Closes: #300247) + + -- Cai Qian Wed, 28 Sep 2005 01:04:00 +0100 + +linux-ftpd-ssl (0.17.18+0.3-3) unstable; urgency=low + + * encoded changelog to UTF-8 + * followed debhelper V4 + + -- Cai Qian Mon, 15 Nov 2004 22:45:00 +0800 + +linux-ftpd-ssl (0.17.18+0.3-2) unstable; urgency=low + + * New maintainer (Closes: #250711) + * Change debian/rules to fix missing ftpd.8 + + -- Cai Qian Sun, 27 Sep 2004 01:45:00 +0800 + +linux-ftpd-ssl (0.17.18+0.3-1) unstable; urgency=low + + * Bring linux-ftpd in line with current netkit-telnet + * Build for sid/sarge + * Make ftp-ssl protocol compatible with + http://www.ietf.org/internet-drafts/draft-murray-auth-ftp-ssl-09.txt + or http://www.ietf.org/rfc/rfc2228.txt. This can break compatiblility + with older ftp-ssl (closes: #154138) + + -- Christoph Martin Thu, 27 May 2004 15:00:27 +0200 + linux-ftpd (0.17-18) unstable; urgency=low * New maintainer. (Closes: #249709) @@ -30,7 +67,7 @@ linux-ftpd (0.17-14) unstable; urgency=low - * Added Spanish debconf translation (Carlos Valdivia Yagüe, closes: #143956). + * Added Spanish debconf translation (Carlos Valdivia Yagüe, closes: #143956). * Call ls without -g (closes #156992). -- Herbert Xu Sun, 25 Aug 2002 10:09:07 +1000 
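Review bot: The bound passed to `vsnprintf()` hard-codes `2048` as the size of `outputbuf`, whose declaration is outside the hunk; if the buffer is a fixed array, derive the limit from it so it cannot drift from the declaration: `vsnprintf(outputbuf + strlen(outputbuf), sizeof outputbuf - strlen(outputbuf) - 3, fmt, ap);` (the `- 3` reserves the CRLF and terminator that the following `strcat` needs). The return value is discarded, so an over-long reply is now silently cut rather than overflowing the buffer — acceptable for a protocol reply, but say so next to the call: `/* truncation is deliberate: a cut reply beats a buffer overflow */`. The enclosing function starts and ends outside the hunk.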
@@ -41,6 +78,23 @@ -- Herbert Xu Thu, 18 Apr 2002 19:18:28 +1000 +linux-ftpd-ssl (0.17.12+0.3-2) unstable; urgency=low + + * moved from nonus to main + + -- Christoph Martin Sat, 23 Mar 2002 12:18:50 +0100 + +linux-ftpd-ssl (0.17.12+0.3-1) unstable; urgency=low + + * Fixed REST/STOR combination with OpenBSD patch (#132974). + * REST now accepts intmax_t (#126766). + * Built with support for large files (#122961). + * Added sample limits.conf entry against globbing (#121074). + * Added Brazilian debconf template (Andre Luis Lopes, #120835). + * Always specify the syslog facility explicitly (#121644). + + -- Christoph Martin Thu, 7 Mar 2002 09:57:26 +0100 + linux-ftpd (0.17-12) unstable; urgency=low * Fixed REST/STOR combination with OpenBSD patch (closes: #132974). @@ -67,6 +121,14 @@ -- Herbert Xu Sat, 1 Dec 2001 18:28:51 +1100 +linux-ftpd-ssl (0.17.8+0.3-1) unstable; urgency=low + + * bring in line with linux-ftpd + * Debconf (see 113611) + * pam_limits used + + -- Christoph Martin Wed, 21 Nov 2001 16:05:54 +0100 + linux-ftpd (0.17-8) unstable; urgency=low * Added German debconf template (Sebastian Feltel, closes: #113611). @@ -87,6 +149,16 @@ -- Herbert Xu Sat, 9 Jun 2001 13:25:27 +1000 +linux-ftpd-ssl (0.17.5+0.3-1) unstable; urgency=low + + * Remove Provides ftpd (closes: #93532) + * Bring in line with linux-ftpd (see 96640 and 93217) + * new upstream patch (0.3) brings working -z secure (closes: #92873) + which can now force ftpd to only accept secure connections + * add SSL options to manpage (closes: #92602) + + -- Christoph Martin Sun, 13 May 2001 13:44:58 +0200 + linux-ftpd (0.17-5) unstable; urgency=low * Removed duplicate authentication error message (closes: #96640). 
@@ -99,6 +171,13 @@ -- Herbert Xu Sun, 22 Apr 2001 09:33:26 +1000 +linux-ftpd-ssl (0.17.4+0.2-1) unstable; urgency=low + + * bring linux-ftpd updates to -ssl + * builddepends on libssl-dev + + -- Christoph Martin Sat, 10 Mar 2001 17:48:45 +0100 + linux-ftpd (0.17-3) unstable; urgency=low * Fixed anonymous authentication bug when PAM is disabled (Liviu Daia, @@ -107,6 +186,12 @@ -- Herbert Xu Fri, 9 Mar 2001 22:30:37 +1100 +linux-ftpd-ssl (0.17.2+0.2-1) unstable; urgency=low + + * initial linux-ftpd-ssl version + + -- Christoph Martin Sun, 18 Feb 2001 14:27:54 +0100 + linux-ftpd (0.17-2) unstable; urgency=high * Applied bug fix from OpenBSD (closes: #78973). @@ -197,3 +282,4 @@ -- Herbert Xu Thu, 1 Apr 1999 13:45:20 +1000 + --- linux-ftpd-ssl-0.17.18+0.3.orig/debian/control +++ linux-ftpd-ssl-0.17.18+0.3/debian/control 
@@ -1,17 +1,25 @@ -Source: linux-ftpd +Source: linux-ftpd-ssl Section: net Priority: extra -Maintainer: Robert Millan -Build-Depends: bison, debhelper, libpam-dev -Standards-Version: 3.6.1 +Maintainer: Cai Qian +Build-Depends: bison, debhelper (>= 4.0.0), libpam-dev, libssl-dev +Standards-Version: 3.6.2 -Package: ftpd +Package: ftpd-ssl Architecture: any -Depends: netbase, libpam-modules, ${shlibs:Depends} +Depends: netbase, libpam-modules, openssl (>= 0.9.2b), ${shlibs:Depends}, ${misc:Depends} Provides: ftp-server -Conflicts: ftp-server -Replaces: netstd -Description: FTP server - This is the netkit ftp server. It is recommended for you to use one of its - alternatives, such as wu-ftpd or proftpd. +Conflicts: ftp-server, ftpd +Replaces: ftpd +Description: FTP server with SSL encryption support + This is the netkit ftp server with encryption support. + . + ftpd-ssl replaces normal ftpd using SSL authentication and encryption. + It interoperates with normal ftp. + It checks if the other side is also talking SSL, if not it falls back + to normal ftp protocol. + . + Advantages over normal ftp(d): Your passwords and the data you send + will not go in cleartext over the line. Nobody can get it with + tcpdump or similar tools. --- linux-ftpd-ssl-0.17.18+0.3.orig/debian/postinst +++ linux-ftpd-ssl-0.17.18+0.3/debian/postinst @@ -14,4 +14,28 @@ fi fi +cd /etc/ssl/certs +PATH=$PATH:/usr/bin/ssl +if [ -f ftpd.pem ] +then + echo "You already have /etc/ssl/certs/ftpd.pem" +else + HOSTNAME=`hostname -s` + DOMAINNAME=`hostname -d` + openssl req -new -x509 -nodes -out ftpd.pem -keyout ftpd.pem > /dev/null 2>&1 <<+ +. +. +. +$DOMAINNAME +$HOSTNAME +ftpd +root@$HOSTNAME.$DOMAINNAME ++ +# req -new -x509 -nodes -out ftpd.pem -keyout ftpd.pem + ln -sf ftpd.pem `openssl x509 -noout -hash < ftpd.pem`.0 +# chmod 644 ftpd.pem +fi + +chmod 0600 /etc/ssl/certs/ftpd.pem + #DEBHELPER# --- linux-ftpd-ssl-0.17.18+0.3.orig/debian/postrm +++ linux-ftpd-ssl-0.17.18+0.3/debian/postrm 
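Review bot: The generated `ftpd.pem` contains the private key (`-keyout` and `-out` name the same file), yet it is created under the inherited umask and only tightened to 0600 after `openssl req` and `ln -sf` have run, so on a fresh install the key is readable by every local user for that window; put `umask 077` before the `openssl req` line (the later `chmod 0600` then still repairs pre-existing files). `cd /etc/ssl/certs` is unchecked and the `openssl req` output is discarded, so a failed cd or a failed key generation lets the script go on to `ln -sf` and `chmod` the wrong or a missing file; use `cd /etc/ssl/certs || exit 1` and test the exit status of the `openssl req` call before creating the hash link. The subject's CN is the literal `ftpd` rather than the host name, so clients that verify the certificate against the server name will presumably reject it; `$HOSTNAME.$DOMAINNAME` would be the more useful answer for that field.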
@@ -5,4 +5,11 @@ update-inetd --remove "ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd" fi +if [ "$1" = purge ]; then + cd /etc/ssl/certs + PATH=$PATH:/usr/bin/ssl + rm -f `openssl x509 -noout -hash < ftpd.pem`.0 + rm -f ftpd.pem +fi + #DEBHELPER# --- linux-ftpd-ssl-0.17.18+0.3.orig/debian/rules +++ linux-ftpd-ssl-0.17.18+0.3/debian/rules @@ -32,11 +32,12 @@ dh_clean -k dh_installdirs - cp ftpd/ftpd debian/tmp/usr/sbin/in.ftpd - cp ftpd/ftpd.8 debian/tmp/usr/share/man/man8/in.ftpd.8 - cp ftpd/*.5 debian/*.5 debian/tmp/usr/share/man/man5 - cp debian/ftpchroot debian/ftpusers debian/tmp/etc - cp debian/pam.d/ftp debian/tmp/etc/pam.d + cp ftpd/ftpd debian/ftpd-ssl/usr/sbin/in.ftpd + cp ftpd/ftpd.8 debian/ftpd-ssl/usr/share/man/man8/in.ftpd.8 + cp ftpd/*.5 debian/*.5 debian/ftpd-ssl/usr/share/man/man5 + ln -sf in.ftpd.8 debian/ftpd-ssl/usr/share/man/man8/ftpd.8 + cp debian/ftpchroot debian/ftpusers debian/ftpd-ssl/etc + cp debian/pam.d/ftp debian/ftpd-ssl/etc/pam.d touch install-stamp --- linux-ftpd-ssl-0.17.18+0.3.orig/debian/compat +++ linux-ftpd-ssl-0.17.18+0.3/debian/compat @@ -0,0 +1,2 @@ +4 + --- linux-ftpd-ssl-0.17.18+0.3.orig/debian/README.SSL +++ linux-ftpd-ssl-0.17.18+0.3/debian/README.SSL @@ -0,0 +1,14 @@ +The SSL patches were downloaded from +ftp://ftp.uni-mainz.de/pub/software/security/ssl/SSL-MZapps/linux-ftpd-0.17+ssl-0.3.diff.gz + +The packages was build in the following way: + +apt-get source linux-ftpd +mv linux-ftpd-0.17 linux-ftpd-ssl-0.17.18+0.3 +cd linux-ftpd-ssl-0.17.18+0.3 +zcat ../linux-ftpd-0.17+ssl-0.3.diff.gz | patch -p1 +#don't fix problems with applied patches ! +cd .. +cp -a linux-ftpd-ssl-0.17.18+0.3 linux-ftpd-ssl-0.17.18+0.3.orig +cd linux-ftpd-ssl-0.17.18+0.3 +zcat ../linux-ftpd-ssl_0.17.12+0.3-2.diff.gz | patch -p1
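Review bot: `cd /etc/ssl/certs` is unchecked, so if the directory is gone at purge time the two `rm -f` lines run in whatever the current directory happens to be, and the `openssl x509` substitution fails noisily on a missing `ftpd.pem`; guard with `cd /etc/ssl/certs || exit 0` and `[ -f ftpd.pem ] || exit 0` ahead of the removals. Note also that purge deletes a certificate the administrator may have replaced with a real one (the postinst above only generates it when absent), so the file behaves like a configuration file without being declared one; if that is intended, a one-line comment saying so would spare the next maintainer the question.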